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AMENDMENTS TO THE CLAIMS 

1. (Original) A method for a first Web service provider to invoke a service hosted 
on a second Web service provider on behalf of a principal in a computer environment, 
5 comprising the steps of: 

said principal logging in with a discovery service; 

said discovery service passing to said principal an identity assertion associated 
with said principal and a discovery service descriptor associated with said discovery 
service for use by principal for future authentication; 

io said principal authenticating using said identity assertion arid using said 

discovery service descriptor at a Web service client, said Web service client linking to 
and representing a desired commerce site of said principal; 

in response to an action related to said desired commercial site, said Web 
service client requesting a first service descriptor associated with said first Web service 
15 and a first service assertion associated with said first Web service from said discovery 
service; 

in response to receiving said first service descriptor and said first service 
assertion, said Web service client invoking a desired service at said first Web service; 

upon said first Web service determining a need to invoke a second desired 
20 service at a second Web service, said first Web service requesting from said discovery 
service a second service descriptor associated with said second Web service and a 
second service assertion associated with said second Web service; and 

in response to receiving said request for said second service descriptor and said 
second service assertion, said discovery service adding said second service assertion 
25 to said first service assertion and subsequently passing said first service assertion and 
said second service descriptor to said first Web service; 
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in response to receiving said first service assertion and second service 
descriptor, said first Web service invoking said desired second service at said second 
Web service. 

5 2. (Original) The method of Claim 1, wherein said first Web service invokes one or 
more services hosted on one or more Web servers. 

3. (Original) The method of Claim 1, wherein said Web sen/ice client, said 
discovery service, said first Web server, and said second Web server are members of a 

10 federation relationship in which each member trusts said discovery service. 

4. (Original) The method of Claim 1, wherein said service assertion is any of , but 
not limited to: 

a ticket; 

15 a token; 

is notarized by said discovery service; and 

is certified by said discovery service. 

5. (Previously Presented) The method of Claim 4, wherein said service assertion is 
20 implemented using any of, but not limited to: 

a string; 

a certificate; 

a public key; and 

discovery keys wherein the discovery service has copies of the keys. 

.25 . •'■ 

3 * 
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(Original) The method of Claim 1 , wherein said service descriptor comprises any 
but not limited to: 

a URL; 

a String; and 

a Simple Object Access Protocol (SOAP) address for Web services. 

7. (Original) An apparatus for a first Web service provider to invoke a service 
hosted on a second Web service provider on behalf of a principal in a computer 
environment, comprising: 

10 means for said principal logging in with a discovery service; 

means for said discovery service passing to said principal an identity assertion 
associated with said principal and a discovery service descriptor associated with said 
discovery service for use by principal for future authentication; 

means for said principal authenticating using said identity assertion and using 
15 said discovery service descriptor at a Web service client, said Web service client linking 
to and representing a desired commerce site of said principal; 

in response to an action related to said desired commercial site, means for said 
Web service client requesting a first service descriptor associated with said first Web 
service and a first service assertion associated with said first Web service from said 
20 discovery service; 

in response to receiving said first service descriptor and said first service 
assertion, means for said Web service client invoking a desired service at said first Web 
service; 

upon said first Web sen/ice determining a need to invoke a second desired 
25 service at a second Web service, means for said first Web service requesting from said 
discovery service a second service descriptor associated with said second Web service 
and a second service assertion associated with said second Web service; and 

4 



6. 
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in response to receiving said request for said second service descriptor and said 
second service assertion, means for said discovery service adding said second service 
assertion to said first service assertion and subsequently passing said first service 
assertion and said second service descriptor to said first Web service; 

5 in response to receiving said first service assertion and second service 

descriptor, means for said first Web service invoking said desired second service at said 
second Web service. 

8. (Original) The apparatus of Claim 7, wherein said first Web service invokes one 
10 or more services hosted on one or mpre Web servers. 

9. (Original) The apparatus of Claim 7, wherein said Web service client, said 
discovery service, said first Web server, arid said second Web server are members of a 
federation relationship in which each member trusts said discovery service. 

15 

10. (Original) The apparatus of Claim 7, wherein said service assertion is any of, but 
not limited to: 

a ticket; 

a token; 

20 is notarized by said discovery service; and 

is certified by said discovery service. 

11. (Previously Presented) The apparatus of Claim 10, wherein said service 
assertion is implemented using any of , but not limited to: 

25 a string; 

a certificate; 

a public key; and 

'"■ 9 ■ 
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discovery keys wherein the discovery service has copies of the keys. 

12. (Original) The apparatus of Claim 7, wherein said service descriptor comprises 
any of, but not limited to: 

5 a URL; 

a String; and 

a Simple Object Access Protocol (SOAP) address for Web services. 

13. (Original) A program storage medium readable by a computer, tangibly 
10 embodying a program of instructions executable by the computer to perform a method 

for updating address information in a computer environment, the method comprising the 
steps of: 

said principal logging in with a discovery service; 

said discovery service passing to said principal an identity assertion associated 
15 with said principal and a discovery service descriptor associated with said discovery 
service for use by principal for future authentication; 

said principal authenticating using said identity assertion and using said 
discovery service descriptor at a Web service client, said Web service client linking to 
and representing a desired commerce site of said principal; 

20 in response to an action related to said desired commercial site, said Web 

service client, requesting a first service descriptor associated with said first Web service 
and a first service assertion associated with said first Web service from said discovery 
service; 

in response to receiving said first service descriptor and said first service 
25 assertion, said Web service client invoking a desired service at said first Web service; 

upon said first Web service determining a need to invoke a second desired 
service at a second Web service, said first Web service requesting from said discovery 

< . 6 . 
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service a second service descriptor associated with said second Web service and a 
second service assertion associated with said second Web service; and 

in response to receiving said request for said second service descriptor and said 
second service assertion, said discovery service adding said second service assertion 
5 to said first service assertion and subsequently passing said first service assertion and 
said second service descriptor to said first Web service; 

in response to receiving said first service assertion and second service 
descriptor, said first Web service invoking said desired second service at said second 
Web service. 

10 

14. (Original) The medium of Claim 13, wherein said first Web service invokes one 
or more services hosted on one or more Web servers. 

15. (Original) The medium of Claim 13, wherein said Web service client, said 
is discovery service, said first Web server, and said second Web server are members of a 

federation relationship in which each member trusts said discovery service. 

1 6. (Original) The medium of Claim 13, wherein said service assertion is any of, but 
not limited to: 

20 . a ticket; 

a token; 

is notarized by said discovery service; and 
is certified by said discovery service. 

25 17. (Previously Presented) The medium of Claim 16, wherein said service assertion 
is implemented using any of, but not limited to: 

a string; 
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a certificate; 
a public key; 

discovery keys wherein the discovery service has copies of the keys; and 
a form of cryptography. 

5 

18. (Original) The medium of Claim 13, wherein said service descriptor comprises 
any of, but not limited to: 

a URL; 

a String; and 

10 a Simple Object Access Protocol (SOAP) address for Web services. 

19. (Original) A process for a first Web service provider to invoke a service hosted 
on a second Web service provider on behalf of a principal in a computer environment, 
comprising the steps of: 

15 said principal logs in with a discovery service for subsequent authentication; 

in response to said log in, said discovery service passing an identity assertion 
and a discovery service descriptor to said principal; 

said principal uses said identity assertion and said discovery sen/ice descriptor to 
access a Web commerce site with a Web service client software interface application; 

20 said Web service client software interface application requesting a first service 

descriptor and a first service assertion for a first desired service at a first Web server 
from said discovery service; 

in response to receiving said first sen/ice descriptor and said first service 
assertion from said discovery service, said Web service client software interface 
25 . application invoking said first desired service at said first Web server; 



8 
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said first Web server requesting a second service descriptor and a second 
service assertion for a second desired service at a second Web server from said 
discovery service; and 

in response to receiving said second service descriptor and said second service 
5 assertion from said discovery service, said first Web server invoking said second 
desired service at said second Web server on behalf of said principal. 

20. (Previously Presented) An apparatus for a first Web service provider to invoke a 
service hosted on a second Web service provider on behalf of a principal in a computer 
10 environment, comprising: 

means for said principal logs in with a discovery service for subsequent 
authentication; 

in response to said log in, means for said discovery service passing an identity 
assertion and a discovery service descriptor to said principal; 

15 means for said principal using said identity assertion and said discovery service 

descriptor to access a Web commerce site with a Web service client software interface 
application; / 

means for said Web service client software interface application requesting a first 
service descriptor and a first service assertion for a first desired service at a first Web 
20 server from said discovery service; 

in response to receiving said first service descriptor and said first service 
assertion from said discovery service, means for said Web service client software 
interface application invoking said first desired service at sard first Web server; 

means for said first Web server requesting a second service descriptor and a 
25 second service assertion for a second desired service at a second Web server from 
said discovery service; 
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in response to receiving said second service descriptor and said second service 
assertion from said discovery service, means for said first Web server invoking said 
second desired service at said second Web server on behalf of said principal; and 

means for retaining a footprint of requested services, wherein said footprint 
5 contains both said first service assertion and said second service assertion. 

21. (Currently Amended) A program storage medium readable by a computer^ 
tangibly embodying a program of instructions executable by the computer to perform a 
method for updating address information in a computer environment, the method 
10 comprising the steps of: 

said principal logs in with a discovery service for subsequent authentication; 

in response to said log in, said discovery service passing an identity assertion 
and a discovery service descriptor to said principal; 

said principal uses said identity assertion and said discovery service descriptor to 
is access a Web commerce site with a Web service client software interface application; 

said Web service client software interface application requesting a first service 
• descriptor and a first service assertion for a first desired service at a first Web server 
from said discovery service; 

in response to receiving said first service descriptor and said first service 
20 assertion from said discovery service, said Web service client software interface 
application invoking said first desired service at said first Web server; 

said first Web server requesting a second service descriptor and a second 
service assertion for a second desired sen/ice at a second Web server from said 
discovery service; and 

25 in response to receiving said second service descriptor and said second service 

assertion from said discovery service, said first Web server invoking said second 
desired service at said second Web server on behalf of said principah- 

10 
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wherein card o o oond W e b servor i ndiroct l y oommun i oatoc with c a i d d i scovery 
GCHV 4 G O through said first Web sorvor . 
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